Networks are widely used to interconnect various types of devices. Examples of networks can include wireless and wired local area networks (LANs), wide area networks (WANs), personal area networks (PANs), metropolitan area networks (MANs), cellular and telephone networks, the Internet, etc. Examples of devices interconnected by networks can include desktop computers, portable computers and handheld devices, network telephones, network enabled printers, copiers, cellular devices, multifunction devices and other appliances (either information technology (IT) appliances or otherwise), etc.
A network, such as a network within an organization, can interconnect numerous network devices. Typically, devices such as printers, copies, and the like provide services, are shared among a number of users, and are located centrally according to anticipated demand. Conversely, devices such as computers and handheld devices provide user network access and can be shared or designated to a particular user or user class as the situation demands.
Although the evolution of technology has provided powerful systems and enabled more efficient performance of complex tasks, the initial setup and association of a device with a user remains complex and daunting for even the most simple task. It is now extremely common for users to wish to associate themselves with a networked device. For example, the purpose of association may be physically locating the networked device, creating a communication channel between the user (e.g., a secure channel, in which case this would require creating a secured association), and/or releasing or authorizing the use of resources on the device (e.g., authorizing a user to use a specific printer).
However, bootstrapping or associating the connection between the network devices and users using them still requires significant human intervention. Consider, for example, an employee attempting to print a document for the first time after arriving in a new office space. If the nearest networked printer has not already been set up on the employee's computer by experienced and knowledgeable IT staff, then the user must go about seeking out a suitable printer, determine the proper information required to set up the printer on the employee's computer, go through any required setup programs and device driver installation programs, and then possibly print a test page to ensure success.
In addition, many configuration and management interfaces for networked devices operate under the often-unfounded assumption that the user configuring the device is sufficiently technically capable to locate and identify the correct physical device and determine proper set up information. As the number of devices networked together on a site increases and/or the size and complexity of the network increases, the issue of locating the correct device becomes increasingly overwhelming. Significantly, such a set up routine would be required for each additional device that the employee has occasion to use.
Moreover, any one of the steps in the setup routine is prone to human error, which can result in lost productivity and user frustration. Moreover, measures in place to enhance security or privacy, such as authentication or privacy protections, can further provide opportunity for user error as a result of the tradeoffs between usability, security, and privacy protection. In some instances, a frustrated user may give up and abandon the attempt, which can result in lost future productivity due to the employee's avoidance of setting up IT assets provided to improve worker productivity. In other instances, the frustrated user may turn to IT support staff for assistance, which can lead to IT staff's reduced availability for attending to more complex tasks. In turn, this can lead to higher IT support costs. Thus, a technique that makes this association effortless and secure will reduce the cost of managing and supporting network devices.
Conventional solutions to device association are point solutions that either assume that the user knows the location of the device or omit the user from the association process. As an example, Bluetooth™ pairing involves selecting menu items or pressing buttons on devices such as a cell phones and headsets in a non-intuitive manner. By design, the Bluetooth™ pairing method assumes that the user possesses the devices to be associated or is at least in close proximity with the devices. Thus, the user presumably already knows the location of the devices as a precondition of the pairing operation. In addition, the pairing does not really associate the user with either device, because after the pairing occurs, anyone or no one can use the device without affecting the paired devices. In other words, the use of the paired devices by a user is incidental to the pairing between of the devices.
In addition, although a password might be considered as an adequate mechanism for creating a secure association between a user and a device, this leaves open to human interaction the requirement of physically locating the correct networked device. This is a more subtle issue than at first glance, because even in home networking environments, while there may only be a small number of devices that are networked, the expertise of the user might be such that they do not know where the device is on a network, what its indications describe, how to enter a password, or otherwise interact with the device.
As a further example, a proximal user interacting or associating with a device by using a radio frequency smart card, such as a corporate identification card, can create a secure association between the user and the device. However, this presumes that the user has already located the device and still requires significant human interaction to run and configure the required setup programs and device driver installation programs.
Moreover, there are numerous security exploits that can be performed by a rogue device or software component masquerading as a legitimate device or process. For example, if a user is required to enter security credentials on a terminal, a compromised terminal masquerading as an intended device that the user wishes to associate with can surreptitiously capture the user's credential.
The above-described deficiencies are merely intended to provide an overview of some of the problems encountered in associating network devices with users, and are not intended to be exhaustive. Other problems with the state of the art may become further apparent upon review of the description of the various non-limiting embodiments of the disclosed subject matter that follows.